janitortechnology / selfapi Goto Github PK

Simplify:

request.on('data', chunk => {
  json += String(chunk);
});
request.on('end', () => {

by introducing an option.

Version 10 of Node.js (code name Dubnium) has been released! 🎊

To see what happens to your code in Node.js 10, Greenkeeper has created a branch with the following changes:

• Added the new Node.js version to your .travis.yml

If you’re interested in upgrading this repo to Node.js 10, you can open a PR with these changes. Please note that this issue is just intended as a friendly reminder and the PR as a possible starting point for getting your code running on Node.js 10.

Your Greenkeeper Bot 🌴

This issue lists Renovate updates and detected dependencies. Read the Dependency Dashboard docs to learn more.

Open

These updates have all been created already. Click a checkbox below to force a retry/rebase of any.

• chore(deps): update dependency express to v5.0.0-beta.3 [security]

Detected dependencies

• Check this box to trigger a request for Renovate to run again on this repository

As in https://github.com/shieldfy/API-Security-Checklist/blob/master/README.md

Some things should be verified in API implementations, such as https://github.com/JanitorTechnology/janitor/blob/master/api/

Today, many JSON API endpoints require specific "access scopes" to be associated with the authenticated credential, and otherwise return an error (for example, GitHub's OAuth2 access tokens are associated a list of access scopes)

There is currently no authentication code or scope-verification code in SelfAPI, so both of these features need to be implemented manually (for example, with a server-middleware that authenticates access scopes, and by manually verifying in each API endpoint handler if the required scope is authorized for the current request).

Maybe there is a useful way to integrate "access scopes" (both request-level authentication and handler-level verification) into SelfAPI? This would have the following benefits:

• API implementers don't need to write scope authentication and verification manually,
• The automatically-generated documentation can indicate which access scopes exists, and which API endpoints require them.

https://developer.mozilla.org/en-US/docs/Web/HTTP/Methods

It looks like https://github.com/noirbizarre/flask-restplus is an amazing Self API for Python's Flask framework.

It supports exporting Swagger API descriptions, specifying parameter types, specifying access scopes, and looks generally more flushed-out than Self API.

I believe we should look up to Flask-RESTPlus for inspiration on valuable new features.

I want to use link svg icon instead of pound

This would make SelfAPI compatible with the powerful Swagger API tools, like auto-generated API bindings and rich documentation with directly testable API calls.

Hi,

Have you already thought about exporting test suite generated by selfapi to a standard testing framework?

I think it would be awesome to be able to export Mocha tests for instance, directly through the selfapi description of the API! :)